Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product)

[Ralph Doncaster <ralph () istop com>]

> <http://uptime.netcraft.com/up/graph/?mode_u=off&mode_w=on&site=www.cnn.com>
>
> Works for me, works from any system that has a browser.  At any given time 
> I'm *far* more likely to have a browser running than port scanning 
> software, so this solution is also IMHO faster.

Until today netcraft listed agamemnon.cnchost.com as unknown.
I ran nmap to see what it says, so I guess you should assume I'm
hostile. ;-)

Interesting ports on agamemnon.cnchost.com (207.155.252.31):
(The 1519 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp                     
25/tcp     open        smtp                    
80/tcp     open        http                    
110/tcp    open        pop-3                   

TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
No OS matches for host (If you know what OS is running on it, see
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=TR)
T1(Resp=Y%DF=Y%W=6045%ACK=S++%Flags=AS%Ops=NWM)
T2(Resp=N)
T3(Resp=N)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=N)